AMENDMENTS TO THE CLAIMS
Please amend the claims as indicated in the following listing of all claims: 

1. -9. (Canceled)

10. (Currently Amended) A method as in claim 42 of securing a data transaction across
a security barrier, the method comprising:

validating a request message encoded in a structured request language against a

predefined request message specification therefor;
transmitting the validated request message across the security barrier;
validating a response message encoded in a structured response language against a

predefined response message specification therefor, the response message

corresponding to the validated request; and
transmitting the validated response message across the security barrier,
wherein the request and the response message validatings are respectively performed at 

first and second secure data brokers on opposing sides of the security barrier; and 
wherein the validated request and response message transmissions are between the first 

and second secure data brokers. 

11. (Currently Amended) A method as in claim 42 of securing a data transaction across
a security barrier, the method comprising:

validating a request message encoded in a structured request language against a

predefined request message specification therefor;
transmitting the validated request message across the security barrier;
validating a response message encoded in a structured response language against a

predefined response message specification therefor, the response message

corresponding to the validated request; and
transmitting the validated response message across the security barrier,
wherein the request message validating includes: 

parsing the request message using Data Type Definitions (DTDs) encoding a hierarchy of 
valid tag-value pairs in accordance with syntax of a valid request message; and 
if the request message is not successfully parsed, forwarding a response message without
transmission of the request message across the security barrier. 

12. (Currently Amended) A method as in claim 42 of securing a data transaction across
a security barrier, the method comprising:

validating a request message encoded in a structured request language against a

predefined request message specification therefor;
transmitting the validated request message across the security barrier;
validating a response message encoded in a structured response language against a

predefined response message specification therefor, the response message

corresponding to the validated request; and
transmitting the validated response message across the security barrier,
wherein the response message validating includes: 

parsing the response message using Data Type Definitions (DTDs) encoding a hierarchy 
of tag-value pairs in accordance with syntax of a valid response message. 

13. -16. (Canceled) 

17. (Original) In a networked computing environment, a method of securing access to 
an information resource behind a security barrier, the method comprising: 

predefining a request message specification corresponding to a structured request 
language; 

formatting an access request in accordance with the structured request language; 
supplying the formatted access request to a first intermediary, the intermediary validating 

the formatted access request in accordance with the request message specification; 

and 

forwarding the validated access request across the security barrier. 

18. (Original) A method as in claim 17, further comprising: 

accessing the information resource in accordance with the validated access request. 


19. (Original) A method as in claim 17, further comprising: 
receiving, at an application proxy, an access request targeting the information resource;
and 

performing the access request formatting at the application proxy. 

20. (Original) A method as in claim 17, further comprising: 

predefining a response message specification corresponding to a structured response 
language; 

formatting a response to the access request in accordance with the structured language; 
supplying the formatted response to a second intermediary, the second intermediary 

validating the formatted response in accordance with the response message 

specification; and 
forwarding a validated response across the security barrier. 

21. (Original) A method as in claim 20, further comprising: 

accessing the information resource in accordance with an access request from a client; 
and 

supplying the client with a response in accordance with the validated response. 

22. (Original) In a networked computing environment, a method of securing access to 
information resource behind a security barrier, the method comprising: 

predefining a response message specification corresponding to a structured response 
language; 

formatting a response to an access request targeting the information resource, the 

formatted response being in accordance with the structured response language; 

supplying the formatted response to an intermediary, the intermediary validating the 
formatted response in accordance with the response message specification; and 

forwarding a validated response across the security barrier. 

23. (Original) A method as in claim 22, further comprising: 

accessing the information resource in accordance with the access request from a client; 
supplying the client with a response in accordance with the validated response. 

24. (Previously Presented) An information security system comprising:
a security barrier; 

a proxy for an information resource, the proxy and the information resource on opposing 
first and second sides, respectively, of the security barrier; 

a data broker on the first side of the security barrier, wherein, in response to an access 
request targeting the information resource, the data broker validates a request 
message encoded in a structured request language against a predefined request 
message specification therefor and forwards only validated request messages 
across the security barrier. 

25. (Original) An information security system as in claim 24, further comprising: 

a second data broker on the second side of the security barrier, wherein, in response to an 
access targeting the information resource, the second data broker validates a 
response message against a predefined response message specification and 
forwards only validated response messages across the security barrier. 

26. (Original) An information security system as in claim 24, further comprising: 
the information resource. 

27. -29. (Canceled) 

30. (Original) A computer program product encoded in computer readable media, the 
computer program product comprising: 

data broker code and parser code executable on a first network server separated from an 
information resource by a security barrier; 

the data broker code including instructions executable as a first instance thereof to 

receive access requests in a structured language corresponding to a predefined 
request message specification and to forward validated ones of the access requests 
across the security barrier toward the information resource; and 

the parser code including instructions executable as a first instance thereof to validate the 
received access requests against the predefined request message specification. 


004-3633_response_20060405 




Application No.: 09/357,726 


PATENT 


31. (Original) The computer program product of claim 30, further comprising: 
an encoding of the predefined request message specification. 

32. (Original) The computer program product of claim 30, 

wherein the data broker code and parser code are also executable on a second network 
server separated from a client application by the security barrier; 

wherein the data broker code includes instructions executable as a second instance 
thereof to receive responses in a structured language corresponding to a 
predefined response message specification and to forward validated ones of the 
responses across the security barrier toward the client application; and 

wherein the parser code includes instructions executable as a second instance thereof to 
validate the received responses against the predefined response message 
specification. 

33. (Original) The computer program product of claim 32, further comprising: 
an encoding of the predefined response message specification. 

34. (Original) The computer program product of claim 30, further comprising: 
application proxy code including instructions executable to format the access requests in 

accordance with the structured language corresponding to the predefined request 
message specification. 

35. (Original) The computer program product of claim 30, encoded by or transmitted in 
at least one computer readable medium selected from the set of a disk, tape or other magnetic, 
optical, or electronic storage medium and a network, wireline, wireless or other communications 
medium. 

36. -37. (Canceled) 

38. (Previously Presented) The method of claim 17 wherein the structured request 
language includes a markup language. 

39. (Previously Presented) The method of claim 38 wherein the markup language
includes extensible markup language.

40. (Previously Presented) The information security system of claim 24 wherein the 
structured request language includes a markup language. 

41. (Previously Presented) The information security system of claim 40 wherein the
markup language includes extensible markup language. 

42. (New) A method of securing a data transaction across a security barrier, the method 
comprising: 

validating a request message encoded in a structured request language against a 

predefined request message specification therefor; 
transmitting the validated request message across the security barrier; 
validating a response message encoded in a structured response language against a 

predefined response message specification therefor, the response message 

corresponding to the validated request; and 
transmitting the validated response message across the security barrier. 

43. (New) A method as in claim 42, 

wherein the request and response message specifications are predefined in accordance 
with valid request and response message constraints specific to an information 
resource. 

44. (New) A method as in claim 42, 

wherein at least one of the request and response message specifications is 
cryptographically secured. 

45. (New) A method as in claim 42, further comprising: 

receiving, at an application proxy, an access request targeting an information resource; 
formatting the request message in a structured language corresponding to the request
message specification; and 

transmitting the formatted request message to a secure data broker for the request 
message validating. 

46. (New) A method as in claim 42, further comprising: 

formatting the response message in a structured language corresponding to the response 

message specification; and 
transmitting the formatted response message to a secure data broker for the response 

message validating. 

47. (New) A method as in claim 42, further comprising: 

accessing an information resource in accordance with the validated request message; and 
preparing the response message in accordance with the access. 

48. (New) A method as in claim 47, 

wherein the response message is formatted in a structured language corresponding to the 
response message specification. 

49. (New) A method as in claim 42, 

wherein the request message is formatted in a structured language corresponding to the 

request message specification; and 
wherein the response message is formatted in a structured language corresponding to the 

response message specification. 

50. (New) A method as in claim 49, 

wherein the structured languages corresponding to the request and response message 
specifications include an extensible Markup Language (XML). 

51. (New) A method as in claim 42,

wherein at least one of the validated request message transmitting and the validated 
response message transmitting is via a secure protocol. 

52. (New) A method as in claim 42,

wherein at least one of the validated request message and the validated response message 
is encoded in a markup language. 

53. (New) A method as in claim 42, 
wherein the security barrier includes a firewall. 

54. (New) A method as in claim 42, 

wherein the security barrier includes a secure communication channel between servers. 

55. (New) In a networked information environment including a client and an 
information resource separated by a security barrier, an information security system comprising: 

means for proxying an access request by the client targeting the information resource and 
for preparing a request message corresponding to the access request in a 
structured language corresponding to a predefined request message specification; 

means for validating the request message against the predefined request message 

specification and forwarding only validated request messages across the security 
barrier. 

56. (New) An information security system as in claim 55, further comprising: 
means for validating a response message against a predefined response message 

specification and forwarding only validated response messages across the security 
barrier. 

57. (New) An information security system as in claim 55, further comprising the 
security barrier. 

58. (New) The method of claim 42 wherein the structured request language comprises a 
markup language. 

59. (New) The method of claim 58 wherein the markup language comprises extensible 
markup language. 
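
An added illustration of the validate-then-forward flow recited in claims 11 and 42; it is not part of the filing or of any implementation by the applicant. Python's standard library has no DTD-validating parser, so a constructed allow-list of tags and value patterns stands in for the DTDs, and every name and sample message below is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed specifications: tag -> (allowed child tags, pattern for leaf text).
REQUEST_SPEC = {
    "request": ({"account", "op"}, None),
    "account": (set(), r"\d{1,10}"),
    "op": (set(), r"balance|history"),
}
RESPONSE_SPEC = {
    "response": ({"status", "amount"}, None),
    "status": (set(), r"ok|denied"),
    "amount": (set(), r"\d+\.\d{2}"),
}
REJECTION = "<response><status>denied</status></response>"

def validate(message, spec, root_tag):
    """Return True only if the message parses and matches the predefined spec."""
    if "<!" in message:  # refuse inline DOCTYPE/ENTITY (also comments, CDATA)
        return False
    try:
        root = ET.fromstring(message)
    except ET.ParseError:
        return False
    return root.tag == root_tag and _check(root, spec)

def _check(elem, spec):
    if elem.tag not in spec or elem.attrib:
        return False
    children, pattern = spec[elem.tag]
    kids = list(elem)
    if pattern is not None:  # leaf: no children, text must match the pattern
        return not kids and re.fullmatch(pattern, elem.text or "") is not None
    if (elem.text or "").strip():
        return False
    tags = [k.tag for k in kids]
    if len(tags) != len(set(tags)) or not set(tags) <= children:
        return False
    return all(_check(k, spec) and not (k.tail or "").strip() for k in kids)

def transact(request, resource):
    """First broker validates the request, second broker validates the response."""
    if not validate(request, REQUEST_SPEC, "request"):
        return REJECTION  # fail closed: the request never crosses the barrier
    response = resource(request)  # the information resource on the far side
    if not validate(response, RESPONSE_SPEC, "response"):
        return REJECTION  # an unvalidated response never crosses back
    return response
```

Both brokers fail closed: a message that does not parse or carries any tag, attribute or value outside its specification is replaced by a fixed rejection rather than forwarded.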